Research: Federal Government Cybersecurity Survey

Ed Moyle and Diana Kelley04/02/12

Federal Cybersecurity: The New Threat Landscape

InformationWeek surveyed 106 federal IT professionals in March on the cybersecurity threats faced by their agencies and their strategies for dealing with them. The detailed survey results, and our analysis of how they correlate to the White House's cybersecurity policy initiatives, are contained in this report.

InformationWeek asked survey respondents about their progress in meeting national cybersecurity objectives, barriers to progress, areas of investment and the threat landscape. While the threats are varied and significant, our data suggests that progress is being made. A majority of those surveyed rated their agency's cybersecurity readiness as good or excellent, and only a minority reported an information security breach in the past three months.

The tough fiscal climate in Washington presents an added challenge. At a time when IT budgets are flat or declining in federal government, more than half of agencies plan to increase cybersecurity spending in fiscal year 2013. This shows that support for these initiatives is viewed as a high priority in these agencies. Elsewhere, however, cybersecurity spending is flat or declining.

Continuous monitoring is a key initiative across federal government, heading up the list of cybersecurity activities deemed most important. Other top priorities include ­upgrading standard defenses and improving the security of agency-issued mobile devices.

Survey respondents point to cybercriminals and hacktivists as the biggest threats to information security, followed by rogue insiders and foreign governments. On the question of readiness, they are most concerned about social media leaks and unsecured mobile devices.

When asked about the most significant challenge to their IT security efforts, survey respondents point foremost to too many competing priorities and resource constraints. Notably, technology itself doesn't seem to be much of a problem, cited by only 4% of respondents.

Much remains to be done in bolstering Uncle Sam's IT defenses. The unfinished business includes deployment of continuous monitoring capabilities, securing the growing number of mobile devices, establishing sound policies for use of social media, and developing better defenses against ill-intended hacktivists and insiders alike. (R4620412)